Skip to main content
The DeployStack Satellite uses Pino logger with Fastify for high-performance, structured logging. This guide covers everything you need to know about configuring and using log levels effectively in the satellite service.

Overview

The Satellite logging system is identical to the backend implementation, built on industry best practices:
  • Pino Logger: Ultra-fast JSON logger for Node.js
  • Fastify Integration: Native logging support with request correlation
  • Environment-based Configuration: Automatic log level adjustment based on NODE_ENV
  • Structured Logging: JSON output for production, pretty-printed for development

Available Log Levels

Log levels are ordered by severity (lowest to highest):
LevelNumeric ValueDescriptionWhen to Use
trace10Very detailed debuggingMCP server process tracing, detailed communication flows
debug20Debugging informationDevelopment debugging, MCP server lifecycle events
info30General informationSatellite startup, team operations, successful MCP calls
warn40Warning messagesResource limits approached, MCP server restarts
error50Error conditionsMCP server failures, team isolation violations
fatal60Fatal errorsSatellite crashes, critical system failures

Configuration

Environment Variables

Set the log level using the LOG_LEVEL environment variable in your .env file:

Default Behavior

The logger automatically adjusts based on your environment:
Default Levels:
  • Development: debug (shows debug, info, warn, error, fatal)
  • Production: info (shows info, warn, error, fatal)

Log Output Formats

Development Format (Pretty-printed)

Production Format (JSON)

Satellite-Specific Logging Patterns

MCP Server Management

Team Isolation Operations

Backend Communication

HTTP Proxy Operations

Logger Parameter Injection Pattern

The Satellite follows the same logger injection pattern as the backend:

βœ… DO: Pass Logger as Parameter to Services

βœ… DO: Use Child Loggers for Persistent Context

Satellite-Specific Context Objects

Always include relevant context that helps identify satellite operations:
Best Practices for Satellite Context Objects:
  • Always include satelliteId: Identifies which satellite instance
  • Include teamId for team-specific operations
  • Add operation: Consistent field describing the operation
  • Include serverId for MCP server operations
  • Add performance metrics: Duration, resource usage, counts
  • Use consistent naming: camelCase and standard field names

Secret Masking in Logs

The satellite automatically protects sensitive credentials in log output through selective secret masking. This prevents API keys, tokens, and passwords from appearing in plain text in log files or monitoring systems.

How Secret Masking Works

Automatic Detection:
  • Backend sends metadata with MCP server configurations identifying which fields are secrets
  • Satellite receives secret_metadata with lists of secret query parameters, headers, and environment variables
  • Masking utilities automatically apply to fields marked as secrets
Masking Pattern:
  • First 3 characters remain visible followed by ***** (e.g., sk_abc123xyz789 becomes sk_*****)
  • Values shorter than 3 characters are fully masked as ***
  • Non-secret values remain fully visible for debugging

Using the Log Masker Utility

The log masking utilities are located in src/utils/log-masker.ts and provide three functions for masking different configuration types:

Best Practices for Secret Protection

βœ… DO: Use Masking Functions for URLs with Credentials
βœ… DO: Mask Headers Containing Authentication
❌ DON’T: Log Raw Credentials

Implementation Locations

Secret masking is implemented in these satellite components:
  • Dynamic Config Manager (src/services/dynamic-config-manager.ts) - 5 locations where MCP server URLs are logged
  • Command Processor (src/services/command-processor.ts) - MCP server spawn and configuration logging
  • HTTP Proxy Manager (src/process/http-proxy-manager.ts) - HTTP/SSE transport logging
  • MCP Server Wrapper (src/core/mcp-server-wrapper.ts) - Server connection and lifecycle logging
  • Remote Tool Discovery (src/services/remote-tool-discovery-manager.ts) - Tool discovery from HTTP servers

Debugging with Masked Logs

When troubleshooting authentication issues:
  1. Partial visibility helps identify credentials: First 3 characters show which credential was used
  2. Compare prefixes: Verify the correct API key/token is being applied
  3. Check non-secret params: Regular parameters remain visible for debugging
  4. Use secret metadata: Confirm which fields are marked as secrets in configuration
Example masked log output:

Environment-Specific Configuration

Development Environment

Features:
  • Pretty-printed, colorized output
  • Shows debug and trace information
  • Includes timestamps and context
  • Easier to read during development

Production Environment

Features:
  • Structured JSON output
  • Optimized for log aggregation
  • Excludes debug information
  • Better performance

Testing Environment

Features:
  • Minimal log output during tests
  • Only shows errors and fatal messages
  • Reduces test noise

Common Satellite Logging Patterns

Satellite Lifecycle

MCP Server Operations

Team Management

Troubleshooting

Debug Mode Not Working

If debug logs aren’t showing:
  1. Check LOG_LEVEL: Ensure it’s set to debug or trace in .env
  2. Check NODE_ENV: Development mode enables debug by default
  3. Restart Satellite: Environment changes require restart

Performance Issues

If logging is impacting satellite performance:
  1. Increase Log Level: Use info or warn in production
  2. Remove Excessive Debug Logs: Clean up verbose debug statements
  3. Use Async Logging: Pino handles this automatically

Log Aggregation

For production satellite monitoring:

Migration from Console.log

Important: Replace all console.log statements with proper Pino logger calls to ensure consistent formatting and log level filtering.

Problem: Inconsistent Log Output

Solution: Use Proper Logger

Summary

  • Use proper log levels for satellite operations
  • Include satellite-specific context (satelliteId, teamId, serverId)
  • Follow backend logging patterns for consistency
  • Configure LOG_LEVEL via environment variables
  • Use child loggers for persistent context
  • Avoid console.log statements in favor of Pino logger
With proper log level configuration, the satellite service will have production-ready logging that scales from development to enterprise deployments, providing the observability needed for managing MCP servers and team isolation.